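spring - Change password - Spring Security

Tags: spring spring-mvc spring-security

I have a Spring MVC 3.0 application and have implemented Spring Security. I am creating a small popup to change the password of the currently logged-in user. Everything works fine until I post the form to the following action.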

@RequestMapping(value = "principalchangepassword" , method = RequestMethod.POST)
public @ResponseBody String principalchangepassword(Model uiModel, HttpServletRequest httpServletRequest){
    Principal principal = (Principal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    StandardStringDigester digester = new StandardStringDigester();
    digester.setAlgorithm("SHA-256");   // optionally set the algorithm
    digester.setStringOutputType("hexadecimal");
    digester.setSaltSizeBytes(0);
    digester.setIterations(1);
    String digest = digester.digest(httpServletRequest.getParameter("password1")); 
    principal.setPassword(digest.toLowerCase());
    principal.merge();
    return "Password Updated successfully";
}

When I make the AJAX call to update the current principal's password, I get the following exception message.

org.hibernate.TransientObjectException: object references an unsaved transient instance – save the transient instance before flushing

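What am I doing wrong?

Best answer

I am using BCryptPasswordEncoder with Spring Security. Now, to change the password, what I do is compare the existing password provided by the user with the database value.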

BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String existingPassword = ... // Password entered by user
String dbPassword       = ... // Load hashed DB password

if (passwordEncoder.matches(existingPassword, dbPassword)) {
    // Encode new password and store it
} else {
    // Report error 
}
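
The flow outlined in the answer above, written out as an added example that is not part of the original answer or of Spring's own code. The class name `PasswordChangeService`, the in-memory map standing in for the user table, and the sample credentials are assumptions; it needs `spring-security-crypto` on the classpath.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: PasswordChangeService and its in-memory store are hypothetical.
public class PasswordChangeService {
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    // Stand-in for the user table: username -> BCrypt hash (constructed data).
    private final Map<String, String> hashes = new ConcurrentHashMap<>();

    public void register(String username, String rawPassword) {
        hashes.put(username, encoder.encode(rawPassword));
    }

    /** Returns true only if the current password verified and the new hash was stored. */
    public boolean changePassword(String username, String currentRaw, String newRaw) {
        String storedHash = hashes.get(username);
        if (storedHash == null || currentRaw == null || newRaw == null || newRaw.isEmpty()) {
            return false;
        }
        // matches() re-hashes currentRaw using the salt and cost embedded in storedHash,
        // so the stored hash is never compared as a plain string.
        if (!encoder.matches(currentRaw, storedHash)) {
            return false;
        }
        // encode() draws a fresh random salt on every call, so the stored value
        // changes even when the same password is set again.
        hashes.put(username, encoder.encode(newRaw));
        return true;
    }

    public boolean verify(String username, String raw) {
        String storedHash = hashes.get(username);
        return storedHash != null && raw != null && encoder.matches(raw, storedHash);
    }

    public static void main(String[] args) {
        PasswordChangeService svc = new PasswordChangeService();
        svc.register("alice", "old-secret"); // constructed sample values
        // First call supplies a wrong current password, second the correct one.
        System.out.println(svc.changePassword("alice", "wrong", "new-secret"));
        System.out.println(svc.changePassword("alice", "old-secret", "new-secret"));
        System.out.println(svc.verify("alice", "old-secret"));
        System.out.println(svc.verify("alice", "new-secret"));
    }
}
```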

Regarding spring - Change password - Spring Security, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11525308/
